Is Geolocation Finding Waldo?

I’m sure you’ll have noticed in the last few years of using smartphones that every time you add a new app, no matter what that app is for, it asks if it can “use your location”. Sure, you get a chance to allow it or not, but how many of us just click that allow button without thinking about what information that simple choice conveys?

Types of Geolocation and What Information They Give You

There are several ways that an application, whether a mobile app or a website, can find where you are in the world, aka your geolocation. Websites accessed through a browser on a laptop or desktop have fewer options than those accessed through a phone or a mobile app. In general, websites that require geolocation but are accessed from a laptop or desktop can use Geo-IP, whereas mobile devices, such as phones and tablets, can use a wider set of location methods to find out where you are. Here’s a look at the main methods:

Geo-IP: This is where the device or browser uses your IP address to identify your location. An API (software service) makes a call to a database, which stores IP addresses and resolves your IP address to a location. Geo-IP location methods are often inaccurate. This is because IP addresses are dynamic, i.e. the IP address assigned to you changes over time. As a result, when you resolve a dynamically generated IP address, it will often show the location of the ISP that is delivering the service. You can try it out yourself using this website, which shows some different IP databases, some more accurate than others: iplocation.net. If you are an individual you will see, along with your IP address:

  • The country you reside in
  • The region in that country you live
  • The city you live in
  • Your ISP
  • The Organization (if this is a business address)
  • Your latitude and longitude
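
The Geo-IP lookup described above, as an added example that is not part of the original article: a longest-prefix match over a small constructed table, showing why every subscriber on a dynamic pool gets the ISP's registered location. The table rows, the names `GEOIP_ROWS` and `geoip_lookup`, the ISP, the organization and the coordinates are all invented for illustration.

```python
import ipaddress

# Constructed Geo-IP table (not real data). Networks come from the RFC 5737
# documentation ranges; the ISP, organization and coordinates are invented.
GEOIP_ROWS = [
    # A dynamic residential pool: the database only knows where the ISP registered it.
    ("203.0.113.0/24", {"country": "US", "region": "Florida", "city": "Tampa",
                        "isp": "ExampleNet", "org": None,
                        "lat": 27.95, "lon": -82.46}),
    # A static block leased to a business inside that pool: a more specific entry.
    ("203.0.113.128/28", {"country": "US", "region": "Georgia", "city": "Atlanta",
                          "isp": "ExampleNet", "org": "Example Corp",
                          "lat": 33.75, "lon": -84.39}),
]

# Most specific (longest) prefix first, so the business block wins over the pool.
_INDEX = sorted(((ipaddress.ip_network(cidr), rec) for cidr, rec in GEOIP_ROWS),
                key=lambda entry: entry[0].prefixlen, reverse=True)


def geoip_lookup(ip):
    """Resolve an IP address to the record of the most specific matching block."""
    addr = ipaddress.ip_address(ip)
    for network, record in _INDEX:
        if addr in network:
            # shared_by: how many addresses receive this exact same answer.
            return dict(record, block=str(network), shared_by=network.num_addresses)
    return None  # address not covered by the database


if __name__ == "__main__":
    # Two subscribers on the dynamic pool, one office on the static block,
    # and one address the database has no entry for.
    for ip in ("203.0.113.7", "203.0.113.90", "203.0.113.130", "192.0.2.1"):
        print(ip, "->", geoip_lookup(ip))
```

The two pool addresses return identical coordinates shared by 256 addresses, while the business block resolves to its own organization and city.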

Location Services: This method is the one you’ll know from using a smartphone, but you are also starting to see this technology used in in-car navigation systems. It is a useful technology. It can let you find local attractions like restaurants and what’s on at your nearest movie theater, that sort of thing. Both iOS and Android use four different methods to locate you:

  1. GPS (Assisted)
  2. Crowdsourced Wi-Fi
  3. Cell tower triangulation
  4. Bluetooth (using iBeacons)

If one fails, they move onto the next. For example, GPS isn’t very good indoors so the API will try Wi-Fi instead.

Compared to Geo-IP, Location Services are pretty accurate, sometimes within tens of meters. If you’re outside your local K-Mart, location services will know you are.

The data that is revealed when you allow Location Services on your mobile includes: 

  • Accurate location data
  • Time stamp of when you were at a specific location

Together, these two pieces of data can be used to effectively track your every movement, across time and space.

If you take this to the next level, you can see that this type of information, seemingly innocuous data showing where you were at a given time, could be used to build up a picture of your daily habits: where you shop, where you worship (aka your religion), where you work, your friends’ locations and even, potentially, your political leaning.

The problem is compounded when geolocation is used along with other data that is collected, such as email address, SIM card details and phone numbers. Many apps collect this data without expressly requesting consent. One of the issues with using location services in apps is that it isn’t the privacy policy of Apple or Google you need to be concerned with, but the privacy policy of the third-party app that is collecting your data. For example, Apple makes a statement regarding this:

“If you allow third-party apps or websites to use your data or your current location, you're subject to their terms, privacy policies, and practices.”

If you use lots of apps, which many of us do, then that is a lot of privacy policy reading that needs to be done.

The concerns we, as consumers, need to be aware of include third-party disclosure, where the app vendors using our location data may also be selling it on to third parties. However, one of the more sinister and intrusive aspects of location services is the tracking capability mentioned previously. You can literally be tracked throughout your whole day, with your life habits monitored and used for marketing and profiling. It is creepy tech at its most creepy.

Can we do anything about this?

Well, you can turn location services off in apps, but many of them won't work as well or will have reduced functionality. And even if you do turn it off, the mobile phone itself can still collect location information using cell triangulation.

There is movement on legislation to try to stem the flow of our personal information, including geolocation data. The Consumer Privacy Bill of Rights Act of 2015 covers geolocation data as well as other personally identifying information. The bill is still in draft, but will give the Federal Trade Commission (FTC) the ability to impose fines on companies that violate the rights set out in the bill; however, the maximum fine is currently set at $35,000.

About AVANI DESAI

Avani Desai is the CEO at Schellman. Avani has more than 15 years of experience in IT attestation, risk management, compliance and privacy. Avani’s primary focus is on emerging healthcare issues and privacy concerns for organizations. Named as one of the 2017 Global Leaders in Consulting by Consulting Magazine she has also been featured and published in the ISSA Journal, ITSP Magazine, ISACA Journal, Information Security Buzz, Healthcare Tech Outlook, and many more. Avani also sits on the board of Catalist, a not for profit that empowers women by supporting the creation, development and expansion of collective giving through informed grantmaking. In addition, she is co-chair of 100 Women Strong, a female only venture philanthropic fund to solve problems related to women and children in the community.